PfSense on VMware Fusion - LAN hosts cannot get out to internet



  • I am hoping somebody here can help me out.

    I am running pfSense 2.0 in a VM on Fusion 5.0 for Mac.

    The physical Mac has 2 ethernet ports.

    On the Mac:
    ethernet 1 = WAN and it is getting a public IP address from my ISP (my ISP provides me 4 public static IP addresses)
    ethernet 2 = LAN and it is getting a LAN IP 192.168.2.16 from a LAN DHCP host.

    The VM is configured with two network interfaces:

    Network 1 is bridged to ethernet 1
    Network 2 is bridged to ethernet 2

    In pfSense:
    em0 = WAN and it is getting a public IP address from my ISP (different than the physical WAN IP)
    em1 = LAN and it is getting a LAN IP 192.168.2.201 from a LAN DHCP host.

    The problem I am having is that the physical Mac can browse out to the internet, and the pfSense VM can also traceroute to external internet hosts as well as resolve DNS. But other LAN hosts which use the pfSense LAN IP (192.168.2.201) as their default gateway cannot get out through pfSense to access the internet. These internal LAN hosts can resolve DNS using pfSense as a forwarder, but it seems no traffic is sent out.

    In pfSense Firewall rules I have a default outbound rule for the LAN to allow any protocol any destination from any host on the LAN subnet.

    Also the pfSense NAT settings are set to automatic.

    I never see any outbound NAT mappings created.  None of my LAN hosts using pfSense as their gateway can get out.

    I am hoping this is a relatively easy fix, but I cannot seem to get this working.
    I believe there may be a limitation with VMware Fusion.

    Any suggestions?



  • Recently I ran across a similar problem.
    The latest update to 5.01 (not the Pro version) fixed it for me.
    Have you tried 5.01 yet?



  • @iFloris:

    Recently I ran across a similar problem.
    The latest update to 5.01 (not the Pro version) fixed it for me.
    Have you tried 5.01 yet?

    I am not sure if Fusion 5.0.1 solved it or not.

    I have moved my pfSense FW VM to a different Mac. The original physical host had only a single ethernet port and an Airport card. The pfSense interfaces were:

    em0 = WAN = Mac Ethernet
    em1 = LAN = Mac airport card

    I have moved the VM to a new Mac, a Mac Pro tower which has two physical ethernet ports.

    Also… I rebuilt the VM for pfSense and this time I chose not to upgrade the VM hardware. I stuck with the older version of Fusion 4.0 rather than update the HW to Fusion 5.0 (even though the VM is running under Fusion 5.0.1).

    I have it working.  But... at some point I will move the VM for pfSense back to my Macbook Pro and test it again with a single ethernet and an airport.

    Unfortunately too many things changed within my environment for me to determine what the fix was.

